W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2013

RE: Certificate Revocation in Java

From: Hill, Brad <bhill@paypal-inc.com>
Date: Wed, 6 Mar 2013 17:10:18 +0000
To: "ben@digicert.com" <ben@digicert.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E27955C72@DEN-EXDDA-S12.corp.ebay.com>
Ben,

Our charter here (as with the rest of the W3C) is concerned with the Open Web Platform, specifically technologies usually implemented in browsers to secure web applications (typically written in HTML + CSS + JavaScript).

While plugins like Java are a part of the Web, their behavior and features are proprietary, not specified by the W3C.

Thanks,

Brad Hill

From: Ben Wilson [mailto:ben@digicert.com]
Sent: Wednesday, March 06, 2013 8:40 AM
To: public-webappsec@w3.org
Subject: Certificate Revocation in Java

Is this within the scope of your charter / domain?
Malicious applet using stolen code signing cert still installs because Java has revocation checking turned off by default.
http://www.net-security.org/secworld.php?id=14557
Received on Wednesday, 6 March 2013 17:10:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:00 UTC